In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak In gs_can_open(), the URBs for USB-in transfers are allocated, added to the parent->rx_submitted anchor and submitted. In the complete callback gs_usb_receive_bulk_callback(), the URB is processed and resubmitted. In gs_can_close() the URBs are freed by calling usb_kill_anchored_urbs(parent->rx_submitted). However, this does not take into account that the USB framework unanchors the URB before the complete function is called. This means that once an in-URB has been completed, it is no longer anchored and is ultimately not released in gs_can_close(). Fix the memory leak by anchoring the URB in the gs_usb_receive_bulk_callback() to the parent->rx_submitted anchor.
En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: can: gs_usb: gs_usb_receive_bulk_callback(): corregir fuga de memoria de URB En gs_can_open(), los URB para transferencias USB de entrada son asignados, añadidos al ancla parent->rx_submitted y enviados. En la función de devolución de llamada completa gs_usb_receive_bulk_callback(), el URB es procesado y reenviado. En gs_can_close(), los URB son liberados llamando a usb_kill_anchored_urbs(parent->rx_submitted). Sin embargo, esto no tiene en cuenta que el framework USB desancla el URB antes de que se llame a la función completa. Esto significa que una vez que un URB de entrada ha sido completado, ya no está anclado y finalmente no es liberado en gs_can_close(). Corregir la fuga de memoria anclando el URB en gs_usb_receive_bulk_callback() al ancla parent->rx_submitted.
No CVSS metrics are available for this CVE.